The present invention relates generally to the field of information security technology, and more particularly to multi-user authentication.
Present-day commerce increasingly relies on electronic transactions, and as such, a party to a proposed transaction needs to be able to verify that the other parties to the proposed transaction are legitimate. Illegitimate other parties include, but are not limited to, hackers, those interested in perpetrating identity theft, and those interested in perpetrating fraud. Authentication is the process of determining that an authorized user has initiated a request and that the request was not modified improperly by an interloper on the way to the destination. Accordingly, various authentication methodologies have been developed to verify a party's identity prior to an electronic transaction. Unfortunately, many authentication methods have weaknesses that can be exploited or that introduce burdens on users and managing organizations.
Multi-factor authentication of a single user takes advantage of a combination of two or more factors of authentication. Three major factors include: verification by something the user knows, such as a password or a personal identification number (PIN); something the user has, such as a smart card, a security fob, a hardware or virtual token, or a digital certificate; and something the user is, such as a biometric characteristic, e.g., a fingerprint, a facial image, a retinal pattern, or a voiceprint. Due to its increased complexity, multi-factor authentication is harder to compromise than single-factor authentication.
Multi-user authentication is a requirement that two or more users be authenticated at the same time. A system will wait for the two or more users to provide permission for a given action on a given resource, and only when all required permissions are provided will the system perform the action. For example, regarding session management, for a session to be valid, two or more authorized users have to be authenticated. If one user is authenticated, the session will not be valid and active until at least one other authorized user is also authenticated. In another example, regarding request processing, a request must be received from two or more authorized users in order to proceed with processing the request.
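The request-processing case described above can be sketched as a gate that holds an action until every required user has approved it. This is an added example, not code from the document; the class name MultiUserGate, the user names, and the approval time window (used here to approximate "at the same time") are assumptions made for illustration.

```python
import time

class MultiUserGate:
    """Releases an action only after every required user has approved it."""

    def __init__(self, required_users, ttl_seconds=300, clock=time.monotonic):
        if len(set(required_users)) < 2:
            raise ValueError("multi-user authentication needs two or more distinct users")
        self.required = frozenset(required_users)
        self.ttl = ttl_seconds      # assumed window in which approvals must overlap
        self.clock = clock
        self.approvals = {}         # user -> time the approval was recorded

    def approve(self, user, authenticated):
        """Record one user's permission. `authenticated` is the outcome of that
        user's own single- or multi-factor login, performed elsewhere."""
        if not authenticated or user not in self.required:
            return False            # unknown or unauthenticated users never count
        self.approvals[user] = self.clock()  # a repeat approval only refreshes the time
        return True

    def pending(self):
        """Required users whose approval is missing or has expired."""
        now = self.clock()
        return {u for u in self.required
                if u not in self.approvals or now - self.approvals[u] > self.ttl}

    def is_valid(self):
        """True only while all required users hold an unexpired approval."""
        return not self.pending()

    def perform(self, action):
        """Run `action` if the gate is satisfied, then consume the approvals."""
        if not self.is_valid():
            raise PermissionError("waiting for: " + ", ".join(sorted(self.pending())))
        self.approvals.clear()      # assumed policy: approvals are single-use
        return action()

if __name__ == "__main__":
    gate = MultiUserGate({"alice", "bob"})   # constructed sample users
    gate.approve("alice", authenticated=True)
    print("valid after one user:", gate.is_valid())
    gate.approve("bob", authenticated=True)
    print("result:", gate.perform(lambda: "transfer executed"))
```

Because approvals are keyed by user, one user approving twice cannot stand in for a second user.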